-
Notifications
You must be signed in to change notification settings - Fork 5
/
ClockSync2.tla
86 lines (72 loc) · 2.1 KB
/
ClockSync2.tla
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
------------------------------ MODULE ClockSync2 ------------------------------
(*
* Incremental TLA+ specification of the clock synchronization algorithm from:
*
* Hagit Attiya, Jennifer Welch. Distributed Computing. Wiley Interscience, 2004,
* p. 147, Algorithm 20.
*
* Assumptions: timestamps are natural numbers, not reals.
*
* Version 2: Sending messages
* Version 1: Setting up the clocks
*)
EXTENDS Integers
CONSTANTS
\* minimum message delay
\* @type: Int;
t_min,
\* maximum message delay
\* @type: Int;
t_max
ASSUME(t_min >= 0 /\ t_max > t_min)
VARIABLES
\* the reference clock, inaccessible to the processes
\* @type: Int;
time,
\* hardware clock of a process
\* @type: Str -> Int;
hc,
\* clock adjustment of a process
\* @type: Str -> Int;
adj,
\* messages sent by the processes
\* @type: Set([src: Str, ts: Int]);
msgs,
\* the control state of a process
\* @type: Str -> Str;
state
(***************************** DEFINITIONS *********************************)
\* we fix the set to contain two processes
Proc == { "p1", "p2" }
\* control states
State == { "init", "sent", "done" }
\* the adjusted clock of process i
AC(i) == hc[i] + adj[i]
(*************************** INITIALIZATION ********************************)
\* Initialization
Init ==
/\ time \in Nat
/\ hc \in [ Proc -> Nat ]
/\ adj = [ p \in Proc |-> 0 ]
/\ state = [ p \in Proc |-> "init" ]
/\ msgs = {}
(******************************* ACTIONS ***********************************)
\* send the value of the hardware clock
SendMsg(p) ==
/\ state[p] = "init"
/\ msgs' = msgs \union { [ src |-> p, ts |-> hc[p] ] }
/\ state' = [ state EXCEPT ![p] = "sent" ]
/\ UNCHANGED <<time, hc, adj>>
\* let the time flow
AdvanceClocks(delta) ==
/\ delta > 0
/\ time' = time + delta
/\ hc' = [ p \in Proc |-> hc[p] + delta ]
/\ UNCHANGED <<adj, msgs, state>>
\* all actions together
Next ==
\/ \E delta \in Int:
AdvanceClocks(delta)
\/ \E p \in Proc:
SendMsg(p)
===============================================================================